hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Enhancement]: Transit engine to support disable_upsert configuration capability #2091

Open ivankatliarchuk opened 10 months ago

ivankatliarchuk commented 10 months ago

Description

Currently, the disable_upsert functionality has no native support for the transit engine. This absence can impact the precise control of resource lifecycles within Vault, potentially affecting the overall efficiency of infrastructure provisioning.

From the API docs

It is possible to manage disable_upsert with the vault_generic_endpoint resource; however, it's not very convenient.

How resolved currently

resource "vault_generic_endpoint" "disable_upsert" {
  path      = "transit/config/keys"
  data_json = <<EOT
{
  "disable_upsert": true
}
EOT
  depends_on = [vault_mount.transit]
}

or with a null resource and a curl command

# payload.json contains: {"disable_upsert": true}
curl -H "X-Vault-Token: $(vault print token)" --request POST --data @payload.json $VAULT_ADDR/v1/transit/config/keys

This requires curl and the vault CLI to be installed, and optionally Ansible.

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

resource "vault_mount" "transit-example" {
  path        = "transit-example"
  type        = "transit"
  description = "This is an example transit secret engine mount"

  options = {
    disable_upsert = true
  }
}

References

Docs: disable upsert

Would you like to implement a fix?

Yes
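The setting matters because, by default, the transit encrypt endpoint creates a key on first use if the named key does not exist, so a mistyped key name in a client silently produces a new key with default parameters instead of an error. Setting disable_upsert on the mount makes key creation an explicit, policy-controlled step. Until the provider supports it natively, the state can be audited (and enforced) against the same HTTP API the curl workaround uses. The script below is an added example written for this page; it is not code from the provider or from the issue author. It assumes the documented response shapes for `GET sys/mounts` and `GET <mount>/config/keys` noted in the docstring, and takes the Vault address and token from `VAULT_ADDR` and `VAULT_TOKEN`.

```python
"""Audit Vault transit mounts for disable_upsert and optionally enforce it.

Uses only the Vault HTTP API over urllib (stdlib). Assumed response shapes:
  GET  sys/mounts            -> {"data": {"<path>/": {"type": "transit", ...}, ...}}
  GET  <mount>/config/keys   -> {"data": {"disable_upsert": <bool>}}
  POST <mount>/config/keys   <- body {"disable_upsert": true}
"""
from __future__ import annotations

import json
import os
import urllib.request


def upsert_enabled(config_response: dict) -> bool:
    """True when the mount still lets encrypt/<name> create keys implicitly.

    A missing or empty "data" block is treated as Vault's default (upsert
    allowed), which is what a mount whose config/keys was never written reports.
    """
    data = config_response.get("data") or {}
    return not bool(data.get("disable_upsert", False))


def transit_mounts(mounts_response: dict) -> list[str]:
    """Extract transit mount paths (without the trailing slash) from sys/mounts.

    Newer Vault versions nest the mount table under "data"; older ones return
    it at the top level, so fall back to the whole object.
    """
    table = mounts_response.get("data", mounts_response)
    return sorted(
        path.rstrip("/")
        for path, info in table.items()
        if isinstance(info, dict) and info.get("type") == "transit"
    )


def disable_upsert_payload() -> bytes:
    """JSON body that turns implicit key creation off for a transit mount."""
    return json.dumps({"disable_upsert": True}).encode()


class VaultClient:
    """Minimal token-authenticated client; only what the audit needs."""

    def __init__(self, addr: str, token: str) -> None:
        self.addr = addr.rstrip("/")
        self.token = token

    def request(self, method: str, path: str, body: bytes | None = None) -> dict:
        req = urllib.request.Request(
            f"{self.addr}/v1/{path}",
            data=body,
            method=method,
            headers={"X-Vault-Token": self.token, "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req) as resp:  # raises HTTPError on 4xx/5xx
            raw = resp.read()
        return json.loads(raw) if raw else {}


def audit(client, enforce: bool = False) -> dict[str, bool]:
    """Return {mount: upsert_still_enabled} for every transit mount.

    With enforce=True, each mount found open is fixed by POSTing config/keys
    and then re-read, so the returned map reflects the state after the change.
    `client` only needs a .request(method, path, body) method, which keeps the
    logic testable without a live Vault.
    """
    results: dict[str, bool] = {}
    for mount in transit_mounts(client.request("GET", "sys/mounts")):
        still_open = upsert_enabled(client.request("GET", f"{mount}/config/keys"))
        if still_open and enforce:
            client.request("POST", f"{mount}/config/keys", disable_upsert_payload())
            still_open = upsert_enabled(client.request("GET", f"{mount}/config/keys"))
        results[mount] = still_open
    return results


if __name__ == "__main__":
    # Same environment variables the vault CLI reads; set ENFORCE_DISABLE_UPSERT=1 to fix.
    client = VaultClient(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"])
    enforce = os.environ.get("ENFORCE_DISABLE_UPSERT") == "1"
    for mount, still_open in sorted(audit(client, enforce).items()):
        state = "UPSERT ENABLED" if still_open else "ok (disable_upsert=true)"
        print(f"{mount}: {state}")
```

Run it read-only first to see which transit mounts still allow implicit key creation; the token needs `read` on `sys/mounts` and on each `<mount>/config/keys`, plus `update` on `<mount>/config/keys` when enforcing. Because `audit` re-reads the config after writing, a mount that still reports open after enforcement indicates the write did not take effect (for example, a policy denial surfaced as an HTTPError) rather than a silent success.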